Smarter Mail All Versions - Privilege Escalation

[Mark Litchfield <mark () securatary com>]

This attack will allow a regular SmarterMail user to elevate their 
privileges to Domain Administrator.

I tried to contact Smartmail with the usual security email aliases, 
apparently they do not have any.  I posted to their forum for a contact 
and all I got was an email stating check you are running the latest 
version then if you like please contact us at sales () smartertools com

I personally do not want to run around here and there on my own time.  
Maybe they should consider a more different approach to people trying to 
report security issues.  A good start would be security () smartertools com

A step by step with the usual screen shots at - 
http://www.securatary.com/vulnerabilities

All the best

Mark Litchfield
www.securatary.com





This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now! 
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------